Securing our API is already part of the process of creating our module, and is also handled by the configuration. The way Magento restrict access to their API is using ACL.
As we learned earlier, these ACL allows us to set up roles with access to different parts of the API. Now what we have to do is make our new custom functions available to the ACL:
Open the
api.xml
file.Add the following code after the
</v2>
node located atapp/code/local/Mdg/Giftregistry/etc/api.xml
:<?xml version="1.0" encoding="UTF-8"?> <acl> <resources> <giftregistry translate="title" module="mdg_giftregistry"> <title>MDG Gift Registry</title> <sort_order>1</sort_order> <registry translate="title" module="mdg_giftregistry"> <title>MDG Gift Registry</title> <list translate="title" module="mdg_giftregistry"> <title>List Available Registries</title> </list...